Shopify app · backups in your own cloud
StoreBack takes daily snapshots of your store and uploads them straight to your Google Drive. Your data passes through us, it doesn't live with us — snapshots are erased from our side on a short, code-enforced schedule; the canonical copy lives in your cloud. Safe selective restore. Plain-English alerts when something fails. We back up your products, content, and the non-personal parts of your orders — we never request access to your customers.
Six things every competitor we surveyed gets wrong — and we fix on purpose.
Backups go straight to your Google Drive (Dropbox + OneDrive coming next). We don't keep a persistent copy — the bytes pass through us and are erased on a short, code-enforced schedule. Uninstall and your past backups stay with you in your Drive; we leave with nothing.
Every scheduled backup is its own dated snapshot in your Drive. Pick yesterday at 3 AM, last Tuesday, or the morning before the bad import — the wizard shows them all.
One product. One collection. One metafield definition. Not "all or nothing". StoreBack maps what depends on what before you click confirm — no surprises at restore time.
Defaults add and update — they never delete live store data. Destructive modes (Mirror, wipe-first, bulk "restore everything") are a separate $100 one-time unlock you have to explicitly buy. Never the default.
When a backup fails, StoreBack's AI tells you what happened in clear language — "the 3 AM backup didn't finish because Shopify's API was slow. We'll retry in an hour." No stack traces. A real person picks up when the AI isn't enough — including weekends.
30-day trial of everything, no credit-card games. Uninstall stops billing the same day. We never raise prices on existing subscribers without 60 days' email notice. No auto-tier-up, no "agency plan" upsell.
$50/month after a 30-day trial of everything. The $100 destructive-restore unlock is one-time and entirely optional — most merchants never need it.
Unlimited backups, unlimited safe restores, all destinations, AI-explained alerts, weekend human support. No credit-card games. Just install and go.
Same as trial, recurring. Cancel anytime — the moment you uninstall, billing stops the same day. 60 days' notice on any future price change.
Adds Mirror, wipe-first, and bulk restore-everything modes on top of the safe selective restore. Requires confirmation on every use. Add it only if you need it.
Four steps. The Drive connection is what makes backups durable — without it, snapshots only transit our side for up to 30 minutes, then they're hidden from you and hard-deleted within 24 hours.
Standard OAuth on the Shopify side. We request only read scopes that match what we capture — no read_customers, no read_all_orders.
One-tap Google OAuth with drive.file — we can only see files we create. Everything else in your Drive stays invisible to us.
Click "Back up now", or set a daily / weekly schedule. Each run lands in a dated folder in your Drive (2026-05-18-030000/). Media bytes live in a shared pool so dated snapshots don't multiply your storage.
Pick any past snapshot, pick what to restore — one product, one collection, one metafield. StoreBack maps dependencies and shows you the change preview before you confirm. Safe-by-default strategies cannot delete live data.
For Google's OAuth verification reviewers and for merchants who want the full picture before connecting Drive.
https://www.googleapis.com/auth/drive.filemedia/ folder where each image is uploaded
once and reused across runs. The drive.file scope restricts us at the API level
to only the files our app creates — we cannot see, list, read, or modify any other file in
your Drive. This is the narrowest scope Google offers for write access; we deliberately do
not request drive or drive.readonly.
The boundary is enforced by scope grant, by query, and by code — not by promise.
read_customers scope. No customer names, addresses, emails, or phones in our system. Order backups capture the non-personal parts — line items, totals, dates, fulfillment state. If you need full customer-and-order restore with the personal parts kept in your cloud, get in touch — that's a future bundle.app/uninstalled, billing stops the same day.Snapshots live in your Drive. On our side we keep only what's needed to call Shopify on your behalf — encrypted, EU-hosted, audit-logged. Hetzner is a transient hop, not a store of record.
Every dated snapshot folder lives in your Google Drive under your control. We never read them back or copy them anywhere. Uninstall the app and they stay with you. Delete them whenever you want — that's the end of the line.
PostgreSQL on Hetzner Online GmbH (Falkenstein, Germany). Snapshot bytes pass through it on the way to your Drive: up to 30 minutes visible to you, then up to 24 more hours retained operator-only behind audited single-sign-on so we can investigate a failed upload, then hard-deleted. No copy of your Shop content exists on our side past that combined window. What stays past that is metadata about operations — never the data itself. TLS in transit; AES-256-GCM for the encrypted tokens we hold so we can call Shopify on your behalf.
customers/data_request · customers/redact · shop/redact — all three handled, HMAC-verified. We have nothing customer-keyed to redact; shop/redact wipes the shop's record inline.
Uninstalling from Shopify admin scrubs the access token on our side and cancels billing the same day. Any snapshot bytes still in either retention window are dropped inline. Your Drive folder stays in your Drive — your call whether to keep it.
Pre-install questions, scope details, a specific entity you want backed up — we answer email. A real person, usually same-day.